Rules for Implementing Wireless Networks at NC State

[Issued by the Vice Provost for Information Technology and Associate Vice Chancellor for Resource Management and Information Systems; approved by the University Information Technology Committee, December 13, 2002]

Authority

The use of data networking resources at NC State, including wireless, is governed by all of the following:

  • federal law
  • state law
  • university policies and procedures.

NC State’s Communication Technologies (ComTech), the university’s data network and Internet service provider, is responsible for NC State’s network infrastructure and all connections to it, including wireless. ComTech has the authority to block wireless transmitters and other wireless devices from access to the university’s production data network, as well as to request termination of the use of any other device that:

  • interferes with the security or operation of the official NC State wireless units or the campus network or
  • does not comply with standards approved by the University Information Technology Committee (see section II, below).

Related Policies

REG 08.00.02 – Computer Use Regulation

Contact Information

Communication Technologies Network Operations Center (NOC): 919.513-9675

I. Purpose

The following rules and guidelines for wireless access to the NC State data network have been implemented to preserve the security, utility and flexibility of the campus data network infrastructure and computing systems. Most of today’s wireless network standards use Instrumentation, Scientific, and Medical (ISM) bands of radio frequencies (900 MHz, 2.4 GHz and 5 GHz), which the Federal Communications Commission (FCC) does not regulate or restrict, the university must manage these frequency bands to provide a reliable production wireless network

II. Scope

A. This document applies to the implementation of all wireless networking at NC State.

B. For this document, wireless networks on the campus are divided into two categories:

  • NC State public wireless networks are those that are designed, built and maintained by ComTech for use by NC State students, faculty and staff who have valid university computing accounts.The ComTech wireless network implementation is part of a campus-wide Nomad Computing Environment. The Nomad Computing Environment uses Dynamic Host Configuration Protocol (DHCP) to provide ubiquitous and seamless mobile computing resources. The NC State wireless network infrastructure allows portable computing devices with wireless network interfaces to connect to the NC State network uses IEEE 802.11a/g/n/ac-compliant technology at the present time. This may change as other technology options mature.
  • NC State private wireless networks are those that are not funded, designed, built, and maintained by ComTech, but are installed and maintained by NC State colleges, departments, units, organizations, or authorized individuals. The devices must be registered and the installation approved.

III. Implementation of NC State public wireless networks

A. ComTech is responsible for obtaining the funding and for the design, purchase, installation, and management of the NC State public wireless network.

B. Priorities for installation will be determined by a cooperative effort between ComTech and the Infrastructure Subcommittee of the University Information Technology Committee. Once the priorities have been set, the subcommittee must approve any changes to the priorities. In cases where a campus organization needs to have public wireless networking installed ahead of schedule, ComTech will work with the organization to fulfill that need as quickly as possible, but the organization may be charged an installation fee (to be determined by ComTech) to offset additional costs not provided for in the ComTech budget.

C. Configuration standards for hardware clients on NC State public wireless network are as follows:

  • Service Set Identifier (SSID) = ncsu
  • Internet Protocol (IP) setting = Dynamic Host Control Protocol (DHCP)
  • Encryption = None

D. The NC State public wireless network may be used by NC State students, faculty and staff who have a valid NC State computing account login ID, password and properly configured portable computer. Guests of the University may obtain a temporary login ID and password for logging into the system. In order to get a valid connection, all NC State public wireless network clients must use a Web browser (e.g., Internet Explorer, Firefox, Safari) to authenticate to the Nomad Computing Environment. The login page will appear when the user’s Web browser requests a Web page. After successful authentication, the user will be able to use the campus network and the Internet.

E. Running remote services (e.g., Web server, ftp server, nfs server, any person-to-person file sharing service) is PROHIBITED on the NC State Nomad Computing Environment and on public wireless networks. However, users of the Nomad Computing Environment and public wireless networks will be able to connect to such services provided elsewhere.

F. All traffic to and from the Nomad Computing Environment is logged and associated with the user, as permitted by NC State Administrative Regulations, section II, G.

G. Users of the NC State public wireless network are requested to report any problems they encounter with the public wireless network or the Nomad Computing Environment immediately to the Network Operations Center (NOC) by phone (919.513.9675) or by email to support@ncsu.edu The user should have the following information available for the consultant:

  • Physical location of where the problem was encountered
  • Vendor of the wireless networking card being used
  • Wireless networking configuration
  • IP configuration obtained

H. Wireless network users are responsible for the security of the data transmissions they send over the wireless network. They should therefore be strongly encouraged to use secure application-level protocols (e.g., secure shell, secure web, VPN) when sensitive information traverses the wireless network; otherwise, they should move to the wired campus network.

IV. Implementation of private wireless networks on campus

A. Those who implement private wireless networks on campus are responsible for compliance with the rules, restrictions and provisions described in this document and for support of the private wireless network, including the network traffic.

B. Those who implement private wireless networks may employ wireless encryption technology if desired. They should be aware, however, that current wireless encryption technologies are weak, and it remains possible to eavesdrop and to passively decrypt wireless networking traffic.

C. Departments and authorized individuals may install private wireless networks on campus, provided that the installation does not interfere with the NC State public wireless network and that the private wireless network is set up in compliance with the following standards:

  1. Transmitter (access point or base station) registration
    • All wireless networking transmitters MUST be registered in DNS with a descriptive name in this format:
      building-nearest room number-type-channel
          Example:withers-410-proxim-6
    • In most cases, registration will be done by the local LAN administrator.
  2. Channel selection
    • Wireless transmitters’ channels must be configured so as not to disrupt any NC State public wireless networking transmitters or other private wireless networking transmitters.
    • Contact ComTech for appropriate channel selection.
    • Administrators of neighboring private wireless networks should also be consulted.
  3. Access control
    • All private wireless transmitters MUST be configured to allow only known client hardware to use the network.
    • This is best done by setting the list of client Media Access Control (MAC) addresses that are allowed to use the private wireless network.
    • Implementers of private wireless transmitters will be held responsible for the actions of those who access the campus network from those devices.
  4. Service Set Identification (SSID)
    • The SSID must NOT be set to “ncsu.”
    • SSID selection should be coordinated with administrators of neighboring private wireless networks.
  5. Configuration password
    • All transmitter configuration interfaces must be password-protected with a non-default and hard-to-guess password.
  6. Simple Network Management Protocol (SNMP)
    • SNMP strings should NOT be the default.
    • They should have access lists assigned where possible.
  7. Power settings
    Private wireless transmitters should use the lowest possible power output that provides the needed coverage area.
  8. FCC regulations 
  9. Fire codes
    • Every private wireless transmitter must be installed in a manner that does not violate fire codes.
    • For details, contact the NC State Senior Inspector of Fire Protection at 919.515.2568.